In less than a few decades the manner in which organizations conduct business from top to bottom has been transformed. Even the smallest of businesses now rely on technology almost exclusively to track, monitor, plan, and conduct business.
In fact, many organizations have accumulated a wealth of information about themselves and their customers in data warehouses. This information is often indexed and mined to produce reports, generate marketing campaigns, and dynamically drive actions of the organizations.
With this level of automation a variety of problems have emerged that was previously not very prevalent. One particular area of concern is security because physical assets, such as machines, and electronic assets, such as confidential information, can be accessed, breached, and compromised remotely and sometimes anonymously. Additionally, one of the biggest threats to the assets of an enterprise comes from rogue employees of the enterprise misusing enterprise assets.
When an organization finds and plugs one security hole in their electronic systems another one more difficult to plug emerges. Additionally, more often than not security improvements are the result of hindsight evaluation meaning that an organization has to endure a security issue before an improvement to security takes place.
Generally, an organization's security and business decisions are reactive to correct known issues rather than proactive to identify and prevent problems before those problems ever have a chance to occur.